Proactive Cybersecurity: A Comparative Industry and Regulatory Analysis

Abstract

"This Article analyzes recent business realities and regulatory trends shaping the proactive cybersecurity industry. To provide a framework for our discussion, we begin by describing the historical development of the industry and how it has been shaped by the applicable law in the United States and other G8 nations. We then catalogue the proactive cybersecurity practices of more than twenty companies, focusing on four case studies that we consider in the context of polycentric 'global security assemblages.' Finally, we assess the emergence of proactive cybersecurity norms, both within industry and international law, and consider the implications of this movement on contemporary Internet governance debates about the role of the public and private sectors in regulating cyberspace. Ultimately, we maintain that proactive cybersecurity, especially if pursued with improved legal clarity and global cooperation, demonstrates an opportunity for polycentric partnerships to result in better protected IT assets."